Once you download the public key from the key-server, you want to ensure that the key you received has not been compromised. You can derive a fingerprint from the entire public key and compare the resulting hashes using the following command, replacing the email with your own email address used when generating your public key.

Once verified, the imported key now needs to be signed to tell GnuPG that you have verified the authenticity of the key and you trust it.

$ gpg --sign-key user@email.com
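The check described above can be scripted so that signing only happens after a full-fingerprint match. This is an added example, not part of the original article: the function names and the sample listings are constructed, and it assumes the fingerprint to compare against was obtained from the key owner through a separate channel. It parses GnuPG's machine-readable `--with-colons` listing, where the fingerprint is field 10 of each `fpr` record.

```shell
# Strip whitespace and upper-case a fingerprint as pasted or typed.
normalize_fpr() {
    printf '%s' "$1" | tr -d '[:space:]' | tr '[:lower:]' '[:upper:]'
}

# Read `gpg --with-colons --fingerprint` output on stdin and print the
# fingerprint of each primary key: the "fpr" record right after a "pub"
# record. Subkey fingerprints follow "sub" records and are skipped.
primary_fprs() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "fpr" && want { print toupper($10) }
             { want = 0 }'
}

# verify_fpr EXPECTED < listing
# 0 = exactly one key listed and it matches; 1 = mismatch;
# 2 = EXPECTED is not a full fingerprint; 3 = zero or several keys listed.
verify_fpr() {
    vf_expected=$(normalize_fpr "$1")
    vf_found=$(primary_fprs)
    vf_count=$(printf '%s\n' "$vf_found" | grep -c . || true)
    case "$vf_expected" in
        ''|*[!0-9A-F]*) echo "expected value is not hex" >&2; return 2 ;;
    esac
    if [ "${#vf_expected}" -lt 40 ]; then
        echo "refusing short key ID; use the full fingerprint" >&2; return 2
    fi
    if [ "$vf_count" -ne 1 ]; then
        echo "expected exactly 1 key, found $vf_count" >&2; return 3
    fi
    [ "$vf_found" = "$vf_expected" ]
}

# Constructed sample listings (not real keys).
sample_one() {
cat <<'EOF'
pub:-:255:22:89ABCDEF01234567:1700000000:::-:::scESC::::::ed25519:::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1700000000::::Linux User <user@email.com>::::::::::0:
sub:-:255:18:0123456789ABCDEF:1700000000::::::e::::::cv25519::
fpr:::::::::89ABCDEF0123456789ABCDEF0123456789ABCDEF:
EOF
}
sample_two() {   # a second, different key carrying the same user ID
    sample_one
cat <<'EOF'
pub:-:255:22:FEDCBA9876543210:1700000500:::-:::scESC::::::ed25519:::0:
fpr:::::::::FFFFFFFFFFFFFFFFFFFFFFFFFEDCBA9876543210:
uid:-::::1700000500::::Linux User <user@email.com>::::::::::0:
EOF
}
```

With a real keyring, pipe the listing in and sign only on success: `gpg --with-colons --fingerprint user@email.com | verify_fpr "FINGERPRINT-FROM-KEY-OWNER" && gpg --sign-key user@email.com`.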

Exporting Keys

As mentioned in importing keys, you may want to share your public key via email or upload it to a key-server.

To share it in person or via email, use the following command to extract the public key to a file, replacing the email below with your own:

$ gpg --output ~/mygpg.key --armor --export linuxuser@email.com

The output should be a file called mygpg.key which will be stored in your desired location (in my case, the home directory). You can now copy and paste the key to an external drive, share via NFS or whichever way you deem suitable.

To upload your key to a key server, first decide which server is suitable for you, then use the following command to upload the public key to the key server. Make sure to give it an identification that is easy to remember, like an email address.

Encrypting Messages

To encrypt a document, first make sure that you have generated your own key pair and that you have the public key of the intended recipient. Use the command below to encrypt a message:

$ gpg --output doc.gpg --encrypt --recipient user@email.com doc

Decrypting Messages

To decrypt the message, you need the private key that matches the public key the message was encrypted to. To do this, type in the following command.

$ gpg --output desiredFileName.txt --decrypt doc.gpg

The doc.gpg is the name of the encrypted file while desiredFileName.txt is the name of the file you want to save the decrypted content to.

On entering this command, you will be prompted for your passphrase before decryption is done.

Special Note: You will have a maximum of 3 attempts to enter your correct passphrase.

Conclusion

The GPG package can also be installed in an email client such as Mozilla’s Thunderbird email client as an add-on (called Enigmail). The package will help you share your keys via email as an attachment and save them on your desktop.

You can easily import keys from any key-server and encrypt an email for multiple recipients at the same time.